What precautions do I need to take before downloading an application on my phone ?

X works in a company whose founder is from Silicon Valley.

I knew, therefore, how to equip his company with the best technologies since its creation, and all the employees have at their disposal the most efficient tools ; telecommuting is encouraged, men and woman are on an equal footing. However, he cannot stand mediocrity, idleness, and stoutness. All the co-workers are invited to participate in the diverse sports teams, and weight loss is rewarded.

X and Y team well at work, they support each other. Both hedonists, they took advantage of the short break by the end of the year to taste good dishes, and the scale does not lie. They subscribed from then on to a fitness program and both get a connected watch and its linked application.

Every day they access the application which informs them with the number of steps taken, the number of calories consumed, the heart rate. In doing so, they open the access to the data on their phones, as the application is not secured. Ill-intentioned people take advantage of it to use that channel, and the company undergoes a data theft.

The damages are important, especially in terms of image. X and Y are punished and the safety principles of the company are reinforced.

Recommendations

The company’s information must be secured against any illegitimate access, and the same applies to personal data, of which we must guarantee the privacy, the integrity and the availability. Unlike computers, common devices connected to Internet are often protected against unauthorized access only in a limited way, and hackers can contaminate them. Besides it is common to be able to access those devices thanks to their standard passwords, and pretty often, these passwords are not changed after the setting up, as far as it is possible to change them. An application for personal use should in no instance be set up on a professional device without the company’s consent.

Basic principles

art. 7 LPD: safety (privacy, availability, integrity)

Resources

see the bi-annual report from MELANI, 2016/2 about Internet of devices